From the course: Cisco CCNA (200-301) Cert Prep: 3 Security, Automation, and Programmability
Port security
- [Instructor] Layer two security doesn't have a one-size-fits-all solution; there isn't an easy button for it. Rather, it's a layering of multiple techniques to achieve as much protection as is required. I'll start by discussing a feature known as Port Security. In essence, it limits the number of MAC addresses, and even which MAC addresses, are allowed to send inbound packets on a switch port. Limiting the number of MAC addresses can prevent attacks like DHCP starvation, where tens or hundreds of MACs will show up on a single interface. When enabled on a port, by default only a single MAC address will be learned incoming on that port, and the logic is first come, first served. This means if you have multiple MAC addresses leaving off this port, whoever sends a packet first wins. The default violation mode is to shut down the port if additional MACs arrive. I always adjust this behavior, as seen below. While port security can be applied to a trunk port, I wouldn't recommend it…
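The following Cisco IOS configuration is an added example, not the course's own material, showing the behaviour described above: enabling port security on an access port, raising the MAC limit from the default of one, changing the violation mode away from the default shutdown, and the commands used to verify the result. The interface name, VLAN number and MAC address are assumed for illustration.

```cisco
! Added example (not from the course). Interface, VLAN and MAC are constructed values.
interface GigabitEthernet0/1
 description Access port - example host
 switchport mode access
 switchport access vlan 10
 ! Turn the feature on. Defaults at this point: maximum 1 MAC, violation mode shutdown,
 ! and the first MAC seen inbound wins (first come, first served).
 switchport port-security
 ! Allow two MACs (e.g. an IP phone plus the PC behind it) instead of the default of one.
 switchport port-security maximum 2
 ! "restrict" drops frames from excess MACs, increments the violation counter and
 ! raises a syslog/SNMP notification, but keeps the port up instead of err-disabling it.
 switchport port-security violation restrict
 ! Learn the first MACs dynamically and write them into the running config ("sticky"),
 ! so they survive a reload once the config is saved.
 switchport port-security mac-address sticky
 ! Alternatively, pin the single permitted device explicitly (constructed address):
 ! switchport port-security mac-address 0000.1111.2222
!
! If the default "shutdown" violation mode is kept instead, these global commands let the
! switch recover an err-disabled port automatically after 5 minutes rather than needing a
! manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification after enabling:
!   show port-security interface GigabitEthernet0/1   (mode, max/current MACs, violation count)
!   show port-security address                          (the secure MAC table per port)
!   show interfaces status err-disabled                 (ports taken down by a violation)
```

For detection, the violation counter in `show port-security interface` and the syslog message emitted in restrict mode are what a SOC would alert on; a sudden jump on one access port is the signature of the MAC-flooding or DHCP-starvation behaviour the instructor mentions.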